First published: Thu Sep 29 2022
In wolfSSL before 5.5.1, a malicious client can cause a buffer overflow during a TLS 1.3 handshake. The overflow occurs when an attacker purports to resume a previous TLS session and a Hello Retry Request is triggered during the resumption Client Hello. Both Client Hellos must contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos are sent: one in the resumed session, and a second one in response to the Hello Retry Request message.
Credit: cve@mitre.org
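The trigger described above is a cipher suite list that contains duplicates in both Client Hellos. As an added defensive example, not part of this advisory or of wolfSSL's code, the following Python parses the cipher_suites field of a TLS ClientHello record and reports any suite listed more than once, which a handshake-inspection hook can use to flag such traffic; `build_client_hello` is a hypothetical helper that constructs minimal sample records (no extensions) purely to test the check.

```python
from __future__ import annotations
import struct
from collections import Counter

def parse_client_hello_cipher_suites(record: bytes) -> list[int]:
    """Extract cipher_suites from a TLS record that carries a ClientHello.

    Layout (RFC 8446): record header (5) -> handshake header (4) ->
    legacy_version (2) -> random (32) -> legacy_session_id (1 + n) ->
    cipher_suites (2-byte length, then 2 bytes per suite).
    """
    if len(record) < 5 or record[0] != 0x16:  # ContentType handshake
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:  # HandshakeType client_hello
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    ch = body[4:4 + hs_len]
    if len(ch) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32  # skip legacy_version and random
    pos += 1 + ch[pos]  # skip legacy_session_id
    if pos + 2 > len(ch):
        raise ValueError("truncated before cipher_suites")
    cs_len = struct.unpack("!H", ch[pos:pos + 2])[0]
    pos += 2
    if cs_len % 2 or pos + cs_len > len(ch):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack("!H", ch[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]

def duplicate_cipher_suites(record: bytes) -> dict[int, int]:
    """Return {suite: count} for every suite listed more than once."""
    counts = Counter(parse_client_hello_cipher_suites(record))
    return {s: n for s, n in counts.items() if n > 1}

def build_client_hello(suites: list[int], session_id: bytes = bytes(32)) -> bytes:
    """Hypothetical helper: constructs a minimal ClientHello (no extensions) for testing."""
    body = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00" + b"\x00\x00"  # null compression method; empty extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    # Constructed sample: TLS_AES_128_GCM_SHA256 (0x1301) listed twice.
    print(duplicate_cipher_suites(build_client_hello([0x1301, 0x1302, 0x1301])))  # {4865: 2}
```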
Affected Software | Affected Version | How to fix
---|---|---
WolfSSL wolfssl | <5.5.1 | Update to 5.5.1 or later
The vulnerability ID is CVE-2022-39173.
The severity of CVE-2022-39173 is high, with a severity score of 7.5.
Malicious clients can exploit CVE-2022-39173 by causing a buffer overflow during a TLS 1.3 handshake.
wolfSSL versions before 5.5.1 are affected by CVE-2022-39173.
Updating to wolfSSL version 5.5.1 or later fixes CVE-2022-39173.